Business Unit Security Officer

We are a leading financial services provider committed to making decisions easier and lives better for our customers and colleagues around the world. From our environmental initiatives to our community investments, we lead with values throughout our business. To help us stand out, we help you step up, because when colleagues are healthy, respected and meaningfully challenged, we all thrive. Discover how you can grow your career, make impact and drive real change with our Winning Team today. 

Working Arrangement

Job Description

The opportunity

This role is part the Information Risk team, who is the information security control team under Canadian Information Technology First Line of Defense. The team performs risk-based information security assessments for new technologies and changes to existing IT-based solutions, accountable to identify threats for both the cloud-based and on premises-based infrastructure, platform, and services.:

• Perform Canadian Business Unit project and technology information risk assessments including assessing risks and define controls as well as tracking the implementation of controls.
• Design, document and/or implement BAU security controls applicable to the cloud-based infrastructure, platform, and services.
• Evaluate products for implementing security controls in the cloud or on-premises spaces.

Key Responsibilities:

• Responsible for the execution of information risk assessment processes in compliance with global Information Risk Assessment methodology.
• Ensure the appropriate steps are taken to ensure the Information Risk Assessment process is followed in integration with other related processes: architecture review, project risk management framework, etc.
• Manage the priorities between the tasks assigned with input from the risk owners.
• Attend project meetings, provide timely updates, advise on risks and impact around the changes.
• Ensure each information risk assessment completed is peer-reviewed & communicated to larger distribution to various stakeholders.
• Provide training to key stakeholders around the information risk assessment processes.
• Respond to audits, regulatory reviews, risk and controls self-assessments.

Job Requirements (Experience/Knowledge/Skills):

• Degree holder of Computer Science, Information Technology, Software Engineering, Business Administration, or relevant educational and professional experience.
• Relevant professional designations (e.g., CISSP, CRISC, CISM, CISA, GSEC).
• 5+ years of experience in a combination of relevant technical disciplines in the field of Information Security: network security, application security, identity and access management, IT operations security, vulnerability management, information protection, physical security, cybersecurity.
• 5+ years of IT/Information Risk management experience: vendor risk management, project risk management, IT audit or IT controls assessment.
• Deep knowledge of cloud computing security and IaaS, PaaS, or SaaS environments.
• Knowledge of security frameworks (e.g., ISO 27001, COBIT), regulatory requirements and standards (e.g., NIST, GDPR, Sarbanes-Oxley).
• Strong communication, presentation, and facilitation skills to all levels and audiences.
• Influence behavior to reduce risks and foster a strong information security risk management culture.
• Problem solving, analytical, and innovative mindset.
• Strong team player (collaborative).
• Strong time management and organizational skills to manage multiple tasks and changing priorities.
• Knowledge and understanding of the financial industry is preferred.

What motivates you?

• You obsess about customers, listen, engage and act for their benefit.
• You think big, with curiosity to discover ways to use your agile approach and enable business outcomes.
• You thrive in teams and enjoy getting things done together.
• You take ownership and build solutions, focusing on what matters.
• You do what is right, work with integrity and speak up.
• You share your humanity, helping us build a diverse and inclusive work environment for everyone.

What can we offer you?

• A competitive salary and benefits packages.
• A growth trajectory that extends upward and outward, encouraging you to follow your passions and learn new skills.
• A focus on growing your career path with us.
• Flexible work policies and strong work-life balance.
• Professional development and leadership opportunities.

Our commitment to you

• Values-first culture
  We lead with our Values every day and bring them to life together.
• Boundless opportunity
  We create opportunities to learn and grow at every stage of your career.
• Continuous innovation
  We invite you to help redefine the future of financial services.
• Delivering the promise of Diversity, Equity and Inclusion
  We foster an inclusive workplace where everyone thrives.
• Championing Corporate Citizenship
  We build a business that benefits all stakeholders and has a positive social and environmental impact.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services group that helps people make their decisions easier and lives better. With our global headquarters in Toronto, Canada, we operate as Manulife across our offices in Asia, Canada, and Europe, and primarily as John Hancock in the United States. We provide financial advice, insurance, and wealth and asset management solutions for individuals, groups and institutions. At the end of 2022, we had more than 40,000 employees, over 116,000 agents, and thousands of distribution partners, serving over 34 million customers. At the end of 2022, we had $1.3 trillion (US$1.0 trillion) in assets under management and administration, including total invested assets of $0.4 trillion (US $0.3 trillion), and segregated funds net assets of $0.3 trillion (US$0.3 trillion). We trade as ‘MFC’ on the Toronto, New York, and the Philippine stock exchanges, and under ‘945’ in Hong Kong.

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law. 

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact recruitment@manulife.com.